import bcrypt
from app.core.config import settings

SECRET_KEY = settings.SECRET_KEY


def _with_secret(password: str) -> str:
    """将秘钥拼接进明文密码"""
    return password + SECRET_KEY


def hash_password(plain_password: str) -> str:
    """
    加密明文密码（拼接 SECRET_KEY 后用 bcrypt）
    """
    full_password = _with_secret(plain_password)
    return bcrypt.hashpw(full_password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")


def verify_password(plain_password: str, hashed_password: str) -> bool:
    """
    校验明文密码与加密后的密码是否匹配（同样拼接 SECRET_KEY）
    """
    full_password = _with_secret(plain_password)
    return bcrypt.checkpw(full_password.encode("utf-8"), hashed_password.encode("utf-8"))
